SSO and email

I'm some what confused by the docs/SSO example class..
The docs show that SystemGlobals.properties defines:

sso.email.attribute - the name of the session parameter used for updateing jforum email adress

so I have this set to email:

then based on the example SSO code shows :

public String authenticateUser(ActionServletRequest request) { ... HttpSession session = JForum.getRequest().getSession(); session.setAttribute("password", user.getPassword()); // set correct password session.setAttribute("email", user.getUsername()); // and email address (my username)
[/code]
now..logicaly upgrading this code to 2.1.8 we would get:
public String authenticateUser(RequestContext ctx){ ... ctx.setAttribute("email", email); }

so I verified the email attribute is indeed being set..but I have the user profile doesnt reflect the email address? also If I dump the session.attributes in isSessionValid() via:
SessionContext sc = ctx.getSessionContext();
Enumeration e = sc.getAttributeNames();
it does not show the email entry..making me thing ctx.setAttribute() from RequestContext has nothing do with the actual http session?

what am I missing? any pointers on how to get jforum to use the email address?



[originally posted on jforum.net by dano]

Ok, I got it.. using 2.1.8 here is what I came up with:

public String authenticateUser(RequestContext ctx)
{ ...(get what u need from the cookie/database)
ctx.getSessionContext().setAttribute("email", email);
ControllerUtils.addCookie("JforumSSO", username, UtilToken.TOKEN_TIME);
}

It should be noted: if the user Already exists, the email address will NOT be persisted.

BTW: is there any easy way to disable/remove the 'Registration Informaration' section from the My Profile page when using SSO?


[originally posted on jforum.net by dano]

oh..I hacked ControllerUtil to match the other examples..allowing the creation of session cookie, rather the the persistent cookie it uses (that is good for about a year...).
[originally posted on jforum.net by dano]